Oh, The Shame! Simple Steps to Avoid a Cyber Security Meltdown

Posted by Dave White, Trinus Technologies 19-12-2019 11:21 AM

Recent news articles about Cyber Attacks on municipalities in Canada and the U.S. reveal a depressing reality about the information systems and practices of many municipal governments.

As IT becomes more integrated into daily municipal operations, the threats of debilitating Cyber Attacks increase dramatically. Midland, ON, St. John, NB, Stratford, ON, Wasaga Beach, ON, Lake City, FL, Riviera Beach, FL, Baltimore, MA, and Key Biscayne, FL, have all fallen victim to devastating Cyber Attacks in recent months. In this case, size doesn’t matter, and more than one municipality has paid a hefty ransom to retrieve their files. But costs aside, it erodes confidence that Administration are in control of the sensitive information entrusted to them.

However, it’s not only municipalities. Just about any business –
large or small – is susceptible to Cyber Attacks with devastating results. Simply ask Equifax or Capital One about the public shaming that has inflicted untold damage on their corporate reputations.

But it doesn’t have to be this way
There are three things an organization can do to mitigate their Cyber Risks, and all are easy to implement with some simple planning and forethought. Here’s a quick synopsis:

1. Get your IT department in order – Most attacks come to you through the Internet connection. That means you need a best-in-class firewall with Subscription Services to constantly check ALL Internet traffic against real-time databases of known threats. Firewalls need to be sized correctly, to prevent Internet slowdowns for users. Your Anti-Virus Software also needs to be top-notch and installed on EVERY piece of Technology: Workstations, Laptops, Tablets, Servers, AND (often overlooked) Smartphones. The Anti-Virus Subscription needs to be current and all devices need to be centrally managed. It also needs to be locked, to prevent tampering. Restrict access to Wi-Fi by using strong passwords – and change them often. It is estimated that over 80% of Email traffic is either SPAM or virus, so your incoming Emails need to be extensively filtered by a service outside your organization, BEFORE it reaches your servers. Summary: Don’t scrimp on your Technical Cyber Security Counter-Measures – Buy the Best.

2. Ensure your backups are bullet-proof – State-of-the-art Backup Systems use Image Technology to take snapshots of servers and critical systems that can be overlaid onto replacement or emergency servers, in case the primary servers are rendered inoperable – for any reason. DAILY backup versions need to span more than one week; ideally, at least one month’s worth (savvy organizations take “archive” images each month.) Backups need to be stored offsite – preferably on a private, secure Cloud host. Offsite means truly offsite; NOT another connected facility in your organization. Backups need to be tested regularly (at least weekly) by restoring one or more files at random – or a complete server image.

An IT Disaster Recovery Procedure should be written, tested and include instructions on the alternate hardware to be used, and where. Summary: KNOW that your Backups are current, safe, complete, and work as advertised.

3. Educate your users – Microsoft president Brad Smith was recently quoted, saying: “Every organization has at least one employee who will click on anything. It’s hard to protect (against that).” Thus, constantly reinforced User Education is key to ensuring staff members are kept up to date on the latest threats. Weekly Email alerts, reminders at staff meetings, and periodic webinars are excellent tools to keep Cyber Security top-of-mind. Your Staff Education portfolio must include a written procedure for what-to-do if someone has clicked on a virus attachment. Make it simple and easy to understand, and have employees post it near their workstations. Savvy organizations even practice these procedures.

User Education should also reinforce the proper management of passwords; changing them often, using appropriately strong passwords, and NEVER sharing them. Summary: Enlighten your staff with permanent and relevant Cyber Security Education; a constant drip of Cyber Security anti-venom is better than invasive surgery.

Of course, more advanced measures start with a full Cyber Security Assessment to uncover hidden vulnerabilities. Don’t become a poster child for the next Cyber Attack news report; follow these simple guidelines and start down the path to stress-free Cyber Security.